Cyber Risks Real and Here Now

Industry Lags in Applying Adequate Protections

By Carly Fields
Shipping and logistics are now direct targets for cyber criminals, yet the industry is still dragging its heels on applying adequate cyber protection.
That was the stark message from a digital risk session at Breakbulk Europe, where panelists agreed that the industry needs to “tighten its belt.”
Addressing the audience, Capt. Rahul Khanna, global head of marine risk consulting at Allianz Global Corporate & Specialty, criticized the industry for reacting too late to risks. He conceded that awareness of cyber risks is growing but so is the threat.
“It’s only a matter of time before something serious happens,” he said. “The risk is there and industry understands that, but cost is the biggest barrier.”
While some stakeholders still see cyber security as money down the drain if they never have an attack, Khanna pointed out that if protection seems expensive, operators should try totaling the costs related to an attack.
He added that the industry also needs to worry more about what third-party suppliers are doing on a cyber front and pointed out that cyber concerns are no longer solely an IT problem. “This is much bigger and the commitment has to come right from the top for resources and direction,” he said.
Khanna recommended a four-prong approach to assessing risks. First, look inside at vulnerabilities. Second, develop plans to address those vulnerabilities. Third, put those plans in place and monitor them. Fourth, have a contingency plan.
“The best place to start is to get an independent consultant to stress test your systems,” he said.
The panel also discussed a lack of accurate reporting of cyberattacks. This needs to change for the greater good, they agreed.
“The whole risk management process is learning from mistakes,” Khanna said. “This can only happen if you share information. This will go a long way in preparing those who haven’t had an attack.
“This is new to us all. Industry needs to come together and share info on a common platform. Cyber knows no boundaries. The threat is out there and the more we go down the connected route the more the threats will escalate.” 
Khanna also acknowledged the “silent cyber exposure” keeping insurers awake at night. He explained that there is ambiguity in insurance policies that were not built with cyber risks in mind.
“We could be sitting on a huge amount of exposure, hundreds of millions of dollars,” he warned.